package com.myCommon.security.config;

import com.myCommon.security.exceptionHandler.AccessDeniedHandlerImpl;
import com.myCommon.security.exceptionHandler.AuthenticationEntryPointImpl;
import com.myCommon.security.filter.JwtAuthTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig{

      @Bean
      public PasswordEncoder passwordEncoder(){
            return new BCryptPasswordEncoder();
      }
      
      @Autowired
      private JwtAuthTokenFilter jwtAuthTokenFilter;
      
      @Autowired
      private AuthenticationEntryPointImpl authenticationEntryPoint;
      
      @Autowired
      private AccessDeniedHandlerImpl accessDeniedHandler;
      
      @Bean
      public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                  http
                  //关闭csrf
                  .csrf().disable()
                  //不通过Session获取SecurityContext
                  .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                  .and()
                  .authorizeRequests()
                  // 对于登录接口 允许匿名访问
                  .antMatchers("/user/login").anonymous()
                  // 除上面外的所有请求全部需要鉴权认证
                  .anyRequest().authenticated();
      
            http.addFilterBefore(jwtAuthTokenFilter, UsernamePasswordAuthenticationFilter.class);
      
            http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
                  .accessDeniedHandler(accessDeniedHandler);
            
            http.cors();
            return http.build();
      }
      
      @Autowired
      private AuthenticationConfiguration authenticationConfiguration;
      
      @Bean
      public AuthenticationManager authenticationManager() throws Exception{
            AuthenticationManager authenticationManager = authenticationConfiguration.getAuthenticationManager();
            return authenticationManager;
      }
}
